Merge branch 'main' into corymhall/alb/fix-connections

aws · Sep 8, 2022 · 4a794df · 4a794df
2 parents 112a5f9 + ab76681
commit 4a794df
Show file tree

Hide file tree

Showing 116 changed files with 2,507 additions and 3,196 deletions.
diff --git a/.gitallowed b/.gitallowed
@@ -25,6 +25,7 @@ account: '422531588944'
 account: '924023996002'
 account: '919366029133' #cn-north-1
 account: '919830735681' #cn-northwest-1
+account: '909464085924' #ap-southeast-3
 
 # The account IDs of password rotation applications of Serverless Application Repository
 # https://docs.aws.amazon.com/secretsmanager/latest/userguide/enable-rotation-rds.html

diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,19 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.41.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.40.0-alpha.0...v2.41.0-alpha.0) (2022-09-07)
+
+
+### Features
+
+* **batch:** add propagate tags prop in job definition ([#21904](https://github.com/aws/aws-cdk/issues/21904)) ([1bc4526](https://github.com/aws/aws-cdk/commit/1bc4526261c2fbdd6ce6c371ba1d9da2f79e07bd)), closes [#21740](https://github.com/aws/aws-cdk/issues/21740)
+
+
+### Bug Fixes
+
+* **lambda-python:** bundling with poetry is broken ([#21945](https://github.com/aws/aws-cdk/issues/21945)) ([4b37157](https://github.com/aws/aws-cdk/commit/4b37157b47ab38124b62649649d0df9b701cb7fe)), closes [#21867](https://github.com/aws/aws-cdk/issues/21867)
+* **lambda-python:** poetry bundling fails on python3.7 ([#21950](https://github.com/aws/aws-cdk/issues/21950)) ([809e1b0](https://github.com/aws/aws-cdk/commit/809e1b0d5dc29be02f95ea4361b6f87f94325f3d))
+
 ## [2.40.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.39.1-alpha.0...v2.40.0-alpha.0) (2022-08-31)
 
 

diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md
@@ -2,6 +2,28 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.41.0](https://github.com/aws/aws-cdk/compare/v2.40.0...v2.41.0) (2022-09-07)
+
+
+### Features
+
+* **assertions:** add function for verifying the number of matching resource properties ([#21707](https://github.com/aws/aws-cdk/issues/21707)) ([80cb527](https://github.com/aws/aws-cdk/commit/80cb527c01173a060064606b8fe286d5510f145e))
+* **custom-resource:** allow AwsCustomResource to be placed in vpc ([#21357](https://github.com/aws/aws-cdk/issues/21357)) ([62d7bf8](https://github.com/aws/aws-cdk/commit/62d7bf83b4bfe6358e86ecf1c332e51a3909bd8a))
+* **ec2:** allow private non-nat subnets ([#21699](https://github.com/aws/aws-cdk/issues/21699)) ([e1794e3](https://github.com/aws/aws-cdk/commit/e1794e346c2a04bf8f2e5f63138095a79f512cfe))
+* **ecs:** add `maxSwap` and `swappiness` properties to LinuxParameters ([#18703](https://github.com/aws/aws-cdk/issues/18703)) ([08eb1d6](https://github.com/aws/aws-cdk/commit/08eb1d66ae9caa6589c3ee66c4040a4e116adf52)), closes [#18460](https://github.com/aws/aws-cdk/issues/18460)
+* **lambda-event-sources:** add kafka consumerGroupId support ([#21791](https://github.com/aws/aws-cdk/issues/21791)) ([b36bc11](https://github.com/aws/aws-cdk/commit/b36bc1146d06c7b9decface9f4ed9edeca61aa56))
+* compress aws-cdk-lib tablet file ([#21854](https://github.com/aws/aws-cdk/issues/21854)) ([5a3db2d](https://github.com/aws/aws-cdk/commit/5a3db2d19dc5525bfef568f17fffa09657b6ef21))
+* **ecs:** add function for adding secrets to containers after instantiating them ([#21826](https://github.com/aws/aws-cdk/issues/21826)) ([572f781](https://github.com/aws/aws-cdk/commit/572f7815cc5447aac9413b374ebbfd92bfa610a6)), closes [#18959](https://github.com/aws/aws-cdk/issues/18959)
+
+
+### Bug Fixes
+
+* **aws-cdk:** cdk bootstrap print JSON template when using --json option ([#21852](https://github.com/aws/aws-cdk/issues/21852)) ([7bc3d18](https://github.com/aws/aws-cdk/commit/7bc3d18ff742140a35238af0241b5dc4c2cf73ee)), closes [#21456](https://github.com/aws/aws-cdk/issues/21456) [#21456](https://github.com/aws/aws-cdk/issues/21456)
+* **core:** `--debug` doesn't record stack traces ([#21931](https://github.com/aws/aws-cdk/issues/21931)) ([9f2ea45](https://github.com/aws/aws-cdk/commit/9f2ea458609b29a91eb792165be6de596ce1aea9))
+* **events:** additional plaintext header are not set on eventbridge connection ([#21857](https://github.com/aws/aws-cdk/issues/21857)) ([f3f4814](https://github.com/aws/aws-cdk/commit/f3f4814b66ef2b0070fb6b25af9f6566bc1783a0))
+* **events-targets:** cannot set retry policy to 0 retry attempts  ([#21900](https://github.com/aws/aws-cdk/issues/21900)) ([5549f16](https://github.com/aws/aws-cdk/commit/5549f1692270bce06a1d9cde952f9cd23a04204b)), closes [40aws-cdk/aws-events-targets/lib/util.ts#L54-L59](https://github.com/40aws-cdk/aws-events-targets/lib/util.ts/issues/L54-L59) [#21864](https://github.com/aws/aws-cdk/issues/21864)
+* **stepfunctions:** cfnSpec breaks definitionSubstitutions prop ([#21887](https://github.com/aws/aws-cdk/issues/21887)) ([3adf841](https://github.com/aws/aws-cdk/commit/3adf84188947eb2fde6171f70d0d9c2dcdb78563)), closes [#21653](https://github.com/aws/aws-cdk/issues/21653)
+
 ## [2.40.0](https://github.com/aws/aws-cdk/compare/v2.39.1...v2.40.0) (2022-08-31)
 
 

diff --git a/package.json b/package.json
@@ -18,15 +18,15 @@
   "devDependencies": {
     "@types/prettier": "2.6.0",
     "@yarnpkg/lockfile": "^1.1.0",
-    "cdk-generate-synthetic-examples": "^0.1.16",
+    "cdk-generate-synthetic-examples": "^0.1.17",
     "conventional-changelog-cli": "^2.2.2",
     "fs-extra": "^9.1.0",
     "graceful-fs": "^4.2.10",
     "jest-junit": "^13.2.0",
-    "jsii-diff": "^1.66.0",
-    "jsii-pacmak": "^1.66.0",
-    "jsii-reflect": "^1.66.0",
-    "jsii-rosetta": "^1.66.0",
+    "jsii-diff": "^1.67.0",
+    "jsii-pacmak": "^1.67.0",
+    "jsii-reflect": "^1.67.0",
+    "jsii-rosetta": "^1.67.0",
     "lerna": "^4.0.0",
     "patch-package": "^6.4.7",
     "semver": "^6.3.0",

diff --git a/packages/@aws-cdk/aws-apigateway/test/usage-plan.test.ts b/packages/@aws-cdk/aws-apigateway/test/usage-plan.test.ts
@@ -1,7 +1,5 @@
 import { Template } from '@aws-cdk/assertions';
-import { testFutureBehavior } from '@aws-cdk/cdk-build-tools/lib/feature-flag';
 import * as cdk from '@aws-cdk/core';
-import * as cxapi from '@aws-cdk/cx-api';
 import * as apigateway from '../lib';
 
 const RESOURCE_TYPE = 'AWS::ApiGateway::UsagePlan';
@@ -298,35 +296,32 @@ describe('usage plan', () => {
       expect(logicalIds).toEqual(['mylogicalid']);
     });
 
-    describe('future flag: @aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId', () => {
-      const flags = { [cxapi.APIGATEWAY_USAGEPLANKEY_ORDERINSENSITIVE_ID]: true };
-
-      testFutureBehavior('UsagePlanKeys have unique logical ids', flags, cdk.App, (app) => {
-        // GIVEN
-        const stack = new cdk.Stack(app, 'my-stack');
-        const usagePlan = new apigateway.UsagePlan(stack, 'my-usage-plan');
-        const apiKey1 = new apigateway.ApiKey(stack, 'my-api-key-1', {
-          apiKeyName: 'my-api-key-1',
-        });
-        const apiKey2 = new apigateway.ApiKey(stack, 'my-api-key-2', {
-          apiKeyName: 'my-api-key-2',
-        });
-
-        // WHEN
-        usagePlan.addApiKey(apiKey1);
-        usagePlan.addApiKey(apiKey2);
-
-        // THEN
-        const template = app.synth().getStackByName(stack.stackName).template;
-        const logicalIds = Object.entries(template.Resources)
-          .filter(([_, v]) => (v as any).Type === 'AWS::ApiGateway::UsagePlanKey')
-          .map(([k, _]) => k);
-
-        expect(logicalIds).toEqual([
-          'myusageplanUsagePlanKeyResourcemystackmyapikey1EE9AA1B359121274',
-          'myusageplanUsagePlanKeyResourcemystackmyapikey2B4E8EB1456DC88E9',
-        ]);
+    test('UsagePlanKeys have unique logical ids', () => {
+      // GIVEN
+      const app = new cdk.App();
+      const stack = new cdk.Stack(app, 'my-stack');
+      const usagePlan = new apigateway.UsagePlan(stack, 'my-usage-plan');
+      const apiKey1 = new apigateway.ApiKey(stack, 'my-api-key-1', {
+        apiKeyName: 'my-api-key-1',
       });
+      const apiKey2 = new apigateway.ApiKey(stack, 'my-api-key-2', {
+        apiKeyName: 'my-api-key-2',
+      });
+
+      // WHEN
+      usagePlan.addApiKey(apiKey1);
+      usagePlan.addApiKey(apiKey2);
+
+      // THEN
+      const template = app.synth().getStackByName(stack.stackName).template;
+      const logicalIds = Object.entries(template.Resources)
+        .filter(([_, v]) => (v as any).Type === 'AWS::ApiGateway::UsagePlanKey')
+        .map(([k, _]) => k);
+
+      expect(logicalIds).toEqual([
+        'myusageplanUsagePlanKeyResourcemystackmyapikey1EE9AA1B359121274',
+        'myusageplanUsagePlanKeyResourcemystackmyapikey2B4E8EB1456DC88E9',
+      ]);
     });
   });
 });
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/package.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers/package.json
@@ -85,7 +85,7 @@
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/integ-runner": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
-    "@types/aws-lambda": "^8.10.102",
+    "@types/aws-lambda": "^8.10.103",
     "@aws-cdk/integ-tests": "0.0.0",
     "@types/jest": "^27.5.2"
   },

diff --git a/...cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json b/...cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json
@@ -29,7 +29,7 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@types/aws-lambda": "^8.10.102",
+    "@types/aws-lambda": "^8.10.103",
     "@types/sinon": "^9.0.11",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "aws-sdk": "^2.596.0",

diff --git a/packages/@aws-cdk/aws-cloudformation/package.json b/packages/@aws-cdk/aws-cloudformation/package.json
@@ -87,7 +87,7 @@
     "@aws-cdk/integ-runner": "0.0.0",
     "@aws-cdk/cfn2ts": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
-    "@types/aws-lambda": "^8.10.102",
+    "@types/aws-lambda": "^8.10.103",
     "@types/jest": "^27.5.2",
     "jest": "^27.5.1"
   },

diff --git a/packages/@aws-cdk/aws-cloudfront/test/distribution.test.ts b/packages/@aws-cdk/aws-cloudfront/test/distribution.test.ts
@@ -2,9 +2,7 @@ import { Match, Template } from '@aws-cdk/assertions';
 import * as acm from '@aws-cdk/aws-certificatemanager';
 import * as lambda from '@aws-cdk/aws-lambda';
 import * as s3 from '@aws-cdk/aws-s3';
-import { testFutureBehavior, testLegacyBehavior } from '@aws-cdk/cdk-build-tools/lib/feature-flag';
 import { App, Duration, Stack } from '@aws-cdk/core';
-import { CLOUDFRONT_DEFAULT_SECURITY_POLICY_TLS_V1_2_2021 } from '@aws-cdk/cx-api';
 import {
   CfnDistribution,
   Distribution,
@@ -289,7 +287,6 @@ ellipsis so a user would know there was more to ...`,
 });
 
 describe('multiple behaviors', () => {
-
   test('a second behavior can\'t be specified with the catch-all path pattern', () => {
     const origin = defaultOrigin();
 
@@ -443,7 +440,6 @@ describe('multiple behaviors', () => {
 });
 
 describe('certificates', () => {
-
   test('should fail if using an imported certificate from outside of us-east-1', () => {
     const origin = defaultOrigin();
     const certificate = acm.Certificate.fromCertificateArn(stack, 'Cert', 'arn:aws:acm:eu-west-1:123456789012:certificate/12345678-1234-1234-1234-123456789012');
@@ -475,61 +471,25 @@ describe('certificates', () => {
     }).toThrow(/Must specify at least one domain name/);
   });
 
-  describe('adding a certificate and domain renders the correct ViewerCertificate and Aliases property', () => {
-    testFutureBehavior(
-      'when @aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021 is enabled, use the TLSv1.2_2021 security policy by default',
-      { [CLOUDFRONT_DEFAULT_SECURITY_POLICY_TLS_V1_2_2021]: true },
-      App,
-      (customApp) => {
-        const customStack = new Stack(customApp);
-
-        const certificate = acm.Certificate.fromCertificateArn(customStack, 'Cert', 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012');
-
-        new Distribution(customStack, 'Dist', {
-          defaultBehavior: { origin: defaultOrigin() },
-          domainNames: ['example.com', 'www.example.com'],
-          certificate,
-        });
-
-        Template.fromStack(customStack).hasResourceProperties('AWS::CloudFront::Distribution', {
-          DistributionConfig: {
-            Aliases: ['example.com', 'www.example.com'],
-            ViewerCertificate: {
-              AcmCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
-              SslSupportMethod: 'sni-only',
-              MinimumProtocolVersion: 'TLSv1.2_2021',
-            },
-          },
-        });
-      },
-    );
-
-    testLegacyBehavior(
-      'when @aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021 is disabled, use the TLSv1.2_2019 security policy by default',
-      App,
-      (customApp) => {
-        const customStack = new Stack(customApp);
-
-        const certificate = acm.Certificate.fromCertificateArn(customStack, 'Cert', 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012');
-
-        new Distribution(customStack, 'Dist', {
-          defaultBehavior: { origin: defaultOrigin() },
-          domainNames: ['example.com', 'www.example.com'],
-          certificate,
-        });
-
-        Template.fromStack(customStack).hasResourceProperties('AWS::CloudFront::Distribution', {
-          DistributionConfig: {
-            Aliases: ['example.com', 'www.example.com'],
-            ViewerCertificate: {
-              AcmCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
-              SslSupportMethod: 'sni-only',
-              MinimumProtocolVersion: 'TLSv1.2_2019',
-            },
-          },
-        });
+  test('use the TLSv1.2_2021 security policy by default', () => {
+    const certificate = acm.Certificate.fromCertificateArn(stack, 'Cert', 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012');
+
+    new Distribution(stack, 'Dist', {
+      defaultBehavior: { origin: defaultOrigin() },
+      domainNames: ['example.com', 'www.example.com'],
+      certificate,
+    });
+
+    Template.fromStack(stack).hasResourceProperties('AWS::CloudFront::Distribution', {
+      DistributionConfig: {
+        Aliases: ['example.com', 'www.example.com'],
+        ViewerCertificate: {
+          AcmCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+          SslSupportMethod: 'sni-only',
+          MinimumProtocolVersion: 'TLSv1.2_2021',
+        },
       },
-    );
+    });
   });
 
   test('adding a certificate with non default security policy protocol', () => {
@@ -552,11 +512,9 @@ describe('certificates', () => {
       },
     });
   });
-
 });
 
 describe('custom error responses', () => {
-
   test('should fail if only the error code is provided', () => {
     const origin = defaultOrigin();
 
@@ -611,7 +569,6 @@ describe('custom error responses', () => {
       },
     });
   });
-
 });
 
 describe('logging', () => {
@@ -915,7 +872,6 @@ describe('with Lambda@Edge functions', () => {
 });
 
 describe('with CloudFront functions', () => {
-
   test('can add a CloudFront function to the default behavior', () => {
     new Distribution(stack, 'MyDist', {
       defaultBehavior: {
@@ -949,7 +905,6 @@ describe('with CloudFront functions', () => {
       },
     });
   });
-
 });
 
 test('price class is included if provided', () => {

diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/lambda/lambda-invoke-action.test.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/lambda/lambda-invoke-action.test.ts
@@ -3,15 +3,11 @@ import * as codepipeline from '@aws-cdk/aws-codepipeline';
 import * as lambda from '@aws-cdk/aws-lambda';
 import * as s3 from '@aws-cdk/aws-s3';
 import * as sns from '@aws-cdk/aws-sns';
-import { testFutureBehavior } from '@aws-cdk/cdk-build-tools/lib/feature-flag';
 import { App, Aws, Lazy, SecretValue, Stack, Token } from '@aws-cdk/core';
-import * as cxapi from '@aws-cdk/cx-api';
 import * as cpactions from '../../lib';
 
 /* eslint-disable quote-props */
 
-const s3GrantWriteCtx = { [cxapi.S3_GRANT_WRITE_WITHOUT_ACL]: true };
-
 describe('', () => {
   describe('Lambda invoke Action', () => {
     test('properly serializes the object passed in userParameters', () => {
@@ -160,11 +156,11 @@ describe('', () => {
       }));
     });
 
-    testFutureBehavior("assigns the Action's Role with write permissions to the Bucket if it has only outputs", s3GrantWriteCtx, App, (app) => {
+    test("assigns the Action's Role with write permissions to the Bucket if it has only outputs", () => {
       const stack = stackIncludingLambdaInvokeCodePipeline({
         lambdaOutput: new codepipeline.Artifact(),
         // no input to the Lambda Action - we want write permissions only in this case
-      }, app);
+      });
 
       Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
         PolicyName: 'PipelineInvokeLambdaCodePipelineActionRoleDefaultPolicy103F34DA',
@@ -205,11 +201,11 @@ describe('', () => {
       });
     });
 
-    testFutureBehavior("assigns the Action's Role with read-write permissions to the Bucket if it has both inputs and outputs", s3GrantWriteCtx, App, (app) => {
+    test("assigns the Action's Role with read-write permissions to the Bucket if it has both inputs and outputs", () => {
       const stack = stackIncludingLambdaInvokeCodePipeline({
         lambdaInput: new codepipeline.Artifact(),
         lambdaOutput: new codepipeline.Artifact(),
-      }, app);
+      });
 
       Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', {
         PolicyName: 'PipelineInvokeLambdaCodePipelineActionRoleDefaultPolicy103F34DA',